Application Testing

Application security issues are the most common issues for business today because of their complexity. Application security is related with the combination of; security of supporting infrastructure, hardening of supporting servers (such as application, database server) and the secure source code.

The Web Application Testing
Methodology is divided into three distinct phases; Profiling, Assessment and
Exploitation.

Additionally,
testing will be performed for the Application's Network Infrastructure for
hosts and systems within the scope.

Profiling Phase

Information Gathering (Reconnaissance) Techniques will be performed to
gather as much information as possible about the Application's Site Structure
and Network Infrastructure.

Specifically, the following
techniques will be used to find and assess any security-related information:-

Information Gathering / Reconnaissance

Crawling the Application: Using Crawling techniques
to identify all visible directories and scripts.

Knowing the Application: Using the Application
normally from both unauthorized/authorized user perspectives -all different
privileged levels provided- to fully understand Application's functions and mechanisms.

Both automated and manual vulnerability assessment will be performed - based
on the information found from the Profiling Phase - against the Application's
Structure to ensure that all known and unknown vulnerabilities will be
identified.

Specifically, the following vulnerability assessment techniques will be
used:-

▪General Application Logic security flaws and Misconfigurations that could
allow a user to do something that isn't normally allowed by the Application
(e.g. Removing money from a user's bank account by sending her a negative
amount of money)

Exploitation
Phase

At the exploitation stage we will try to exploit and validate the existence
of the identified vulnerabilities. Both online and offline password cracking
techniques (e.g. Guessing, Dictionary, Hybrid, Brute-force) will be performed
against password hashes (e.g. MD5) and/or authentication points found from
previous steps of testing. In case of successful exploitation we will try to
escalate privileges within applications, hosts and networks.